Provide ability for binding to Stream property. It would be nice if I could create upload as easy as it is in MVC. Please provide out of the box suport for binding multipart/form-data or octet-stream to class with stream property.
It would be also nice If I could bind field with base64 string to stream property.

Please enhance the ApiExplorer to fully support the AsyncEntitySetController & EntitySetController. It is possible to generated some help documentation by using ApiExplorerSetting( IgnoreApi=false) attribute, but the help pages contain the incorrect relative path / route, the Queryable Gets are ignored, and the request/response samples are missing.

Optionally, exposing some of the internal class such as HttpRouteParser, HttpParsedRoute, etc… would allow for custom ApiExplorers (like ODataApiExplorer).

The current Web Api Client is not compatible with Mono For Android, and trying to use HttpWebRequest and OData from Android mobile app. is a pain. Not sure about the amount of effort involved, but the author of Json.Net recently provided an mfa-compatible version, packaged as a Portable Class Library.

Based on the current Route being executed, it should be possible to detect HTTP methods the same route supports and therefore populate the Allow header in the response. e.g. whilst performing a GET on /api/values it should be possible to detect that the route supports both GET and POST (in fact the code I presume already has this list so that it knows which Action to call). The Allow header could then be populated with GET, POST.

The icing on the cake would be that the Authorize attribute is still checked so if the caller does not have permission to use one of the methods, then that method is dropped from the list.

Based on the current Route being executed, it should be possible to detect HTTP methods the same route supports and therefore populate the Allow header in the response. e.g. whilst performing a GET on /api/values it should be possible to detect that the route supports both GET and POST (in fact the code I presume already has this list so that it knows which Action to call). The Allow header could then be populated with GET, POST.

The icing on the cake would be that the Authorize attribute is still checked so if the caller does not have permission to…

Currently, there is no way to influence in what way $expand binds additional models. I would very much like to have some control over what models are binded, in order to apply authorization on these binded models.

Right now to support OData URIs with multiple parameters, you need to parse the string yourself and extract the key/value pairs. This can be consolidated with a custom parameter binding, but given that this is part of the OData standard it would be helpful to offer this capability as part of the platform rather than having all of us author our own.

It appears that WebAPI projects do not automatically transform web.config files on build. After getting used to this for other .NET project types, it's difficult to make the exception in the case of WebAPI projects.